4 Answers
4

Mint.com uses something called OFX (Open Financial Exchange) to get the information in your bank account. If someone accessed your Mint account they would not be able to perform any transactions with your bank. All they would be able to do is view the same information you do, some of which could be personal <- that's up to you.

Generally the weakest point in security is with the user. An "attacker" is far more likely to get your account information from you than he is from the site you're registered with.

Why you're the weakest point:

When you enter your account information, your password is never saved exactly how you enter it. It's passed through what is called a "one way function"; these functions are easy to compute one way but, given the end result, are EXTREMELY difficult to compute in reverse. So in a database, if someone looked up your password, they would see something like this: "31435008693ce6976f45dedc5532e2c1". When you log in to an account, your password is sent through this function and then the result is checked against what is saved in the database; if they match, you are granted access. The way an attacker would go about getting your password is by entering values into the function and checking the values against yours; this is known as a brute force attack. For our example (31435008693ce6976f45dedc5532e2c1) it would take someone 5 million years to decrypt using a basic brute force attack. I used "thisismypassword" as my example password; it's 12 characters long. This is why most sites urge you to create long passwords with a mix of numbers, uppercase, lowercase and symbols.

This is a very basic explanation of security, and both sides have better tools than the one explained, but this gives you an idea of how security works for sites like these.

You're far more likely to have a virus or a key logger steal your information.

Do you store my bank login information on your servers?
Your bank login credentials are stored securely in a separate database
using multi-layered hardware and software encryption. We only store the
information needed to save you the trouble of updating, syncing or
uploading financial information manually.

Open Financial Exchange (OFX) is a unified specification for the
electronic exchange of financial data between financial institutions,
businesses and consumers via the Internet.

This is how Mint is able to communicate with even your small local bank.

FINAL EDIT: ( This answers everything )

For passwords to Mint itself, we compute a secure hash of the user's
chosen password and store only the hash (the hash is also salted - see
http://en.wikipedia.org/wiki/Sal... ). Hashing is a one-way function
and cannot be reversed. It is not possible to ever see or recover
the password itself. When the user tries to login, we compute the
hash of the password they are attempting to use and compare it to the
hashed value on record. (This is a standard technique which every site
should use).

For banking credentials, we generally must use reversible encryption
for which we have special procedures and secure hardware kept in our
secure and guarded datacenter. The decryption keys never leave the
hardware device (which is built to destroy the key material if the
tamper protection is attacked). This device will only decrypt after
it is activated by a quorum of other keys, each of which is stored on
a smartcard and also encrypted by a password known to only one person.
Furthermore the device requires a time-limited
cryptographically-signed permission token for each decryption. The
system (which I designed and patented) also has facilities for secure
remote auditing of each decryption.

Sorry, but you're missing something important. Based on my understanding from security.stackexchange.com/questions/10820/… (maybe things changed?) mint.com does have to store your passwords to various banking sites. While those are encrypted, they do have to access them in clear text so they can authenticate to the bank. I think the risk is bigger than you suggest.
– Tom, Jun 9 '12 at 15:53

13

My point is that the password they store is not a hash of your password... it is the password. They take serious measures to guard that... but it's less secure than what you describe. OFX or not, you're trusting another party with your password. That's a very real risk that you need to weigh before you decide to use mint.com.
– Tom, Jun 9 '12 at 17:24

9

Thanks for the link! Note, VP says "For banking credentials, we generally must use reversible encryption" which is my main point. Another poster on that question expresses my concern well: "To me it seems that the vulnerable moment is when the password is decrypted for use and ready to be sent to the bank. If the server handling that job gets compromised, the attacker will gain access to all passwords that go through it."
– Tom, Jun 9 '12 at 20:05

8

So now we know: mint.com does have your password. It's stored in a secure way but there are ways to reverse the encryption and acquire the cleartext password. They take serious measures to safeguard it, but don't be fooled into thinking they store an irreversible version of your password and that there is no way to get the password. "This device will only decrypt after it is activated by a quorum of other keys, each of which is stored on a smartcard and also encrypted by a password known to only one person."
– Tom, Jun 9 '12 at 20:08

7

"The system (which I designed and patented)" A patent is absolutely no guarantee that the system performs as one would want from a security point of view, just like copyright on computer software is no guarantee that the code is free of bugs.
– a CVn, Jun 11 '12 at 9:30
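The distinction argued over in the answer and comments above, as an added example that is not Mint's code or any poster's: the login password to the aggregator is kept as a salted one-way hash, while a bank credential is encrypted reversibly and released only against a signed, time-limited permission token, with every attempt audited. `Vault`, `sign_token`, PBKDF2, the HMAC used in place of a signature and the HMAC keystream used in place of a real cipher are all assumptions; the smartcard quorum is left out.

```python
import hashlib, hmac, os, time

def hash_login(password, salt=None):
    """Salted one-way hash for the aggregator's own login password."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def verify_login(password, salt, digest):
    # Recompute with the stored salt; the password itself is never stored.
    return hmac.compare_digest(hash_login(password, salt)[1], digest)

def sign_token(tok_key, record_id, ttl=60, now=None):
    """Hypothetical approver: permits one record's decryption until expiry."""
    msg = f"{record_id}|{int((now or time.time()) + ttl)}".encode()
    return msg + b"|" + hmac.new(tok_key, msg, "sha256").hexdigest().encode()

class Vault:
    """Software stand-in for the hardware device; the data key stays inside."""
    def __init__(self, tok_key):
        self._enc_key = os.urandom(32)  # protects stored bank credentials
        self._tok_key = tok_key         # verifies permission tokens
        self.audit = []                 # (record_id, allowed) per attempt

    def _pad(self, nonce, n):
        # HMAC-SHA256 counter keystream: an assumption to stay in the standard
        # library. Production code would use an authenticated cipher (AEAD).
        blocks = (hmac.new(self._enc_key, nonce + bytes([i]), "sha256").digest()
                  for i in range(n // 32 + 1))
        return b"".join(blocks)[:n]

    def encrypt(self, secret):
        nonce, data = os.urandom(16), secret.encode()
        return nonce + bytes(a ^ b for a, b in zip(data, self._pad(nonce, len(data))))

    def decrypt(self, record_id, blob, token, now=None):
        msg, _, sig = token.rpartition(b"|")
        good = hmac.new(self._tok_key, msg, "sha256").hexdigest().encode()
        ok = hmac.compare_digest(sig, good)
        if ok:  # parse the claims only after the signature verifies
            rid, _, expiry = msg.decode().rpartition("|")
            ok = rid == record_id and int(expiry) >= (now or time.time())
        self.audit.append((record_id, ok))
        if not ok:
            raise PermissionError("invalid, expired or mismatched token")
        nonce, ct = blob[:16], blob[16:]
        return bytes(a ^ b for a, b in zip(ct, self._pad(nonce, len(ct)))).decode()
```

The stored hash can only confirm a guess, whereas whoever can present a valid token to the vault gets the bank password back in clear text, which is the exposure the comments above point to.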

Some banks allow mint.com read-only access via a separate "access code" that a customer can create. This would still allow an attacker to find out how much money you have and transaction details, and may have knowledge of some other information (your account number perhaps, your address, etc).

The problem with even this read-only access is that many banks also allow users at other banks to set up a direct debit authorization which allows withdrawals. And to set the direct debit link up, the main hurdle is to be able to correctly identify the dates and amounts of two small test deposit transactions, which could be done with just read-only access.

Most banks only support a single full access password per account, and there you have a bigger potential risk of actual fraudulent activity.

But if you discover such activity and report it in a timely manner, you should be refunded. Make sure to check your account frequently. Also make sure to change your passwords once in a while.

Who refunds? The bank? If I've authorized a third party to act as an agent on my behalf, and given them my password, and that agent is somehow compromised, why would the bank be liable for any of it?
– Chris W. Rea, Jun 8 '12 at 17:58

And even if mint.com only gets read only access, I have given the one and only user / pass combo for my bank to mint. If that gets stolen, a thief could go directly into my money. (That being said, I use mint.com often.)
– MrChrister, Jun 8 '12 at 18:16

1

@MrChrister that's my point - not the one and only. For example, ING Direct and Sharebuilder have a different set of keys for mint.com, not the same you use when you log-in into their website directly.
– littleadv, Jun 8 '12 at 18:20

1

...AND DON'T USE THE SAME PASSWORD FOR ALL YOUR BANK AND MONEY ACCOUNTS!!
– MrChrister, Jun 8 '12 at 18:25

With Mint you are without a doubt telling a third party your username and password. If Mint gets compromised, or hires a bad actor, technically there isn't anything to stop shenanigans. You simply must be vigilant and be aware of your rights and the legal protections you have against fraud.

For all the technical expertise and careful security they put in place, we the customers have to know that there is not, nor will there ever be, a perfectly secure system.

The trade-off is what you can do for the increased risk. And when taken into the picture of all the Other* ways your banking information is exposed, and how little you can do about it, mint.com is only a minor increase in risk in my opinion.

*See PayPal, a check's routing numbers, any e-commerce site you shop at, every bank that has an online facing system, your HR dept's direct deposit and every time you swipe your debit / credit card somewhere.

These are all technically risks, some of which are beyond your control to change. Short of keeping your money in your mattress you can't avoid risk. (And then your mattress catches fire.)

Here's a very simple answer: ask your broker/bank. Mine uses OFX. When asked if they would reimburse me for any unauthorized activity, the answer was no. Simple enough: the banks that use it don't feel it's secure enough.